Amazon S3 Template Parameters

The Amazon S3 Official Amazon SDK template supports the following set of parameters.

Parameter	Description
bucketName	Your globally unique bucket name. Mandatory parameter
path	Default: filestore The path relative to the bucket where binary files are stored.
endpoint	The cloud storage provider’s URL. 📘 Amazon Endpoints: Supported JFrog Subscriptions Only official AWS endpoints, such as `s3.amazonaws.com`, `.amazonaws.com`, and`.amazonaws.com.cn` are supported in all JFrog subscriptions. Additional endpoints are supported in the JFrog Enterprise/ Enterprise+ subscriptions.
region	The region offered by your cloud storage provider with which you want to work. Note: When `endpoint` is set, this parameter is optional only if the region is provided by the runtime/AWS SDK defaults (environment variables or instance metadata). JFrog recommends always setting `region`, and using a regional endpoint that matches it when `endpoint` is configured.
type	s3-storage-v3
testConnection	Default: true When set to true, the binary provider uploads and downloads a file when Artifactory starts up, to verify that the connection to the cloud storage provider is fully functional.
identity	Your cloud storage provider identity.
credential	Your cloud storage provider authentication credential.
port	The cloud storage providers port. When a port is not assigned and the `useHttp` parameter is set to true, the default port is set to 80. Otherwise, the default port is 443. If you define a port, it takes precedence regardless of the value set for the `useHttp` parameter.
rootFoldersNameLength	Default: 2 The number of initial characters in the object's checksum that should be used to name the folder in storage. This can take any value between 0 - 5.0 means that checksum files will be stored at the root of the object store bucket. For example, if the object's checksum is 8c335149... and `rootFoldersNameLength` is set to 4, the folder under which the object would be stored would be named 8c33.
proxyIdentity	Corresponding parameter if you are accessing the cloud storage provider through a proxy server.
proxyCredential	Corresponding parameter if you are accessing the cloud storage provider through a proxy server.
proxyPort	Corresponding parameter if you are accessing the cloud storage provider through a proxy server.
proxyHost	Corresponding parameter if you are accessing the cloud storage provider through a proxy server.
nonProxyHost (Available from Artifactory 7.77.6 self-hosted version.)	Corresponding parameter if you are accessing the cloud storage provider through a proxy server. Note: For AWS SDK v2, the value for this parameter must be a string and not regex. Artifactory will search for a non-proxy host that contains the string used here.
useHttp	Default: false Defines the connection schema. When set to true, you can set a non-secure HTTP connection.
kmsClientSideEncryptionKeyId (named kmsServerSideEncryptionKeyId prior to Artifactory version 7.31.10)	Default is N/A. Use KMS Encryption client with the given KMS encryption key ID or alias. The name, `kmsServerSideEncryptionKeyId`, is deprecated. But you can continue to use the name without causing any errors.
server-side-encryption-aws-kms	Default is N/A. If set to true, S3 encrypts artifacts on the server based on the default KMS key. You can also set it with the encryption key ID or alias instead of true.
kmsCryptoMode	Default: EncryptionOnly. This only applies to the s3-storage-v3 template. Use KMS encryption with one of the following crypto policies: EncryptionOnly AuthenticatedEncryption StrictAuthenticatedEncryption For more information, see https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/examples-crypto-kms.html.
useInstanceCredentials	Default: false. Set to true to use the AWS S3 as your default provider chain according to the authentication mechanism.
usePresigning	Default: false. When set to true, applies to signed URLs for adding, deleting, and getting client methods on s3 objects. 📘 Note usePresigning is not used in AWS SDK v2. If you try to use this parameter with AWS SDK v2, you will receive a warning message that it cannot be used by the current S3 provider. Enabling Presigning restricts the maximum size of objects that are uploaded to under 5GB. For more information, see AWS Documentation.
multiPartLimit	Default: 100,000,000 bytes For AWS SDK v1: Only relevant when usePresigning is set to false. For AWS SDK v2: Always relevant. File size threshold (in bytes) over which file uploads are chunked and multi-threaded.
multipartElementSize	Default: For AWS SDK v1: 5 MB chunk For AWS SDK v2: 8 MB chunk The chunk size when multiPartLimit is used. If a tag is not set, the default value is applied.
transferManagerThreads	Default: 10. Applies when usePresigning is set to false This applies to multipart uploads, configured by the multiPartLimit.
signatureExpirySeconds	Default: 300 Sets the validity period in seconds for signed URLs used internally for uploads and downloads.
maxConnections	Default: 50. Sets the maximum HTTP client connections for the AWS client
connectionTimeout	Default: none Sets the connection timeout (in milliseconds) for the AWS client. A value equal to or less than 0 will cause Artifactory to use the clients' default values.
socketTimeout	Default: 50,000. Sets the socket timeout (in milliseconds) for the AWS client.
enablePathStyleAccess	Default: false Amazon S3 supports virtual-hosted-style and path-style access in all regions. The path-style syntax requires using the region-specific endpoint when accessing a bucket. For non-AWS users, set this property to true. For CEPH storage, set this property to true.
disableChunkedEncoding	Default: false The default behavior is to enable chunked encoding automatically for PutObjectRequest and UploadPartRequest. Setting this flag will result in disabling chunked encoding for all requests, which may impact performance. Use this option only if your endpoint does not implement chunked uploading.
useDeprecatedBucketExistenceCheck	Default: false Setting this property to true will force checking bucket existence based on a HEAD request to the bucket. (Deprecated in AWS)
enableSignedUrlRedirect	Enables direct cloud storage download.
signedUrlExpirySeconds	Default: 30 (optional) Specifies the number of seconds that a signed URL provided to a requesting client for direct download from cloud storage is valid. 📘 Note Direct download is available for AWS, Azure, and GCP. Direct download for Azure is only available for Self-Hosted environments.
tempDir	A temporary folder into which files are written for internal use by Artifactory. If the value specified starts with a forward slash ("/") the value is considered the full path to the temporary folder. Otherwise, it is considered relative to fileStoreDir under the baseDataDir. Applicable for direct upload only. 📘 Note Prior to Artifactory 7.98.2, tempDir was always relative to baseDataDir, and if tempDir had an absolute path in binarystore.xml (for example: /tmp), tempDir was set to $BASEDATADIR/filestore/tmp.
awsSdkV2	Default: True, from Artifactory 7.146.7 and later versions False, Artifactory versions before 7.146.7 Enables or disables the AWS SDK v2 integration.
blockingDataReadThreads	Default: 15 The number of threads in the dedicated pool for adapting Artifactory's blocking I/O to the SDK's non-blocking clients. 📘 Note Relevant only to AWS SDK v2.
crtTargetThroughputInGbps	Default: 10.0 The target network throughput (in Gbps) for the high-performance CRT client. This helps throttle the client on networks with limited bandwidth. 📘 Note Relevant only to AWS SDK v2.
connectionAcquisitionTimeout	Default: -1 The connection acquisition timeout for the AWS client in milliseconds. A value equal to or less than 0 causes Artifactory to use the client's default value. 📘 Note Relevant only to AWS SDK v2.
disableChecksumValidation	Default: false Disables automatic checksum validation during S3 operations. 📘 Note Give careful consideration before enabling this setting. For more information on the AWS checksum validation mechanism, see the AWS documentation. Relevant only to AWS SDK v2.
crtEnableConnectionHealth	Default: false Enables connection health monitoring for the AWS CRT (Common Runtime) S3 client. When set to true, Artifactory actively monitors the health of active S3 connections and drops those that fall below a minimum throughput threshold. This prevents slow or stalled connections from blocking transfers indefinitely. Requires awsSdkV2 to be enabled and the CRT client to be in use. The monitoring behavior is controlled by crtMinimumThroughputInBps and crtMinimumThroughputTimeoutSeconds. Note: Available from Artifactory Artifactory version 7.133.15 and later. Applies only to the AWS SDK v2 CRT async S3 client (awsSdkV2=true). Maps directly to the AWS SDK's S3CrtConnectionHealthConfiguration.
crtMinimumThroughputInBps	Default: 5000000 (5 Mbps) The minimum acceptable throughput (in bits per second) for an active S3 connection when connection health monitoring is enabled (`crtEnableConnectionHealth=true`). If a connection's throughput drops below this value for longer than the duration defined by `crtMinimumThroughputTimeoutSeconds`, the connection is considered unhealthy and is dropped. Reducing this value makes Artifactory more tolerant of slow connections; increasing it causes faster detection and termination of underperforming connections. Note: Available from Artifactory Artifactory version 7.133.15 and later. Applies only to the AWS SDK v2 CRT async S3 client (`awsSdkV2=true`). Maps directly to the AWS SDK's S3CrtConnectionHealthConfiguration.
crtMinimumThroughputTimeoutSeconds	Default: 2 The duration (in seconds) a connection must sustain throughput below `crtMinimumThroughputInBps` before it is considered unhealthy and dropped, when crtEnableConnectionHealth=true. The AWS CRT library enforces a hard minimum of 2 seconds, any value lower than 2 is automatically treated as 2. Increasing this value gives connections more time to recover from temporary slowdowns before being terminated. Note: Available from Artifactory Artifactory version 7.133.15 and later. Applies only to the AWS SDK v2 CRT async S3 client (`awsSdkV2=true`). Maps directly to the AWS SDK's S3CrtConnectionHealthConfiguration.

Frequently Asked Questions

This section provides answers to frequently asked questions.

FAQs

Q: Which parameter is mandatory when configuring the S3 binary provider?

A: The bucketName parameter is mandatory. It must be a globally unique bucket name and cannot be omitted from the provider configuration.

Q: What is the default path inside the S3 bucket where Artifactory stores binaries?

A: The default path is filestore. You can override this by setting the path parameter to any prefix relative to the bucket root.

Q: Does Artifactory verify S3 connectivity at startup?

A: Yes. When testConnection is set to true (the default), Artifactory uploads and downloads a test file at startup to verify that the connection to S3 is fully functional.

Q: What is the size limit when usePresigning is enabled?

A: Enabling usePresigning restricts the maximum upload size to under 5 GB. Note that usePresigning is not supported with AWS SDK v2 — using it with SDK v2 produces a warning and the parameter is ignored. See S3 Binary Storage Templates for template examples.

Q: When should enablePathStyleAccess be set to true?

A: Set enablePathStyleAccess to true for non-AWS S3-compatible providers and for CEPH storage. Path-style access requires using the region-specific endpoint when accessing a bucket, while the default virtual-hosted-style access does not.